Ever wondered how hackers breach big corporations? Wonder no more. We detail a step-by-step real life scenario to hack a luxury brand, steal credit card data and spy on board members.
Art of exploitation
We start by building a small hardware backdoor that we plant in a retail store owned by our target brand. You get to learn about the Wiegand protocol and how to bypass card readers found in all major shops and companies.
Network security
Using our backdoor as a pivot, we infiltrate the internal network and exploit NTLM vulnerabilities to connect to a random server. We bypass Applocker rules and elevate privileges to take control over the streaming screens in the shop. But, that's not enough for us now is it?
We map the company's network architecture and bounce from server to server using "Pass-the-ticket"techniques and domain trusts in a Windows Forest. We land on HQ networks at the other end of the globe.
Art of intrusion
Once inside the main network, we hack a couple of servers (Golden ticket, Token impersonation, etc.) and manage to break into an IBM Z Mainframe, where credit card data is stored. We exfiltrate data from the Mainframe, then smuggle them off the network without triggering the DLP software.
Finally, we explore how to execute code on the laptop of every board member and spy on their meetings.
No metasploit and other old hacking tricks
We go through each hacking trick step-by-step: from bypassing Citrix/Applocker to abusing Kerberos and hacking a Mainframe. The idea is to help you replicate these procedures during your engagements.
All custom attack payloads are provided and explained thoroughly in the book.